This example shows how to enable group validation for an LDAP server group:

switch# configure terminal
switch(config)# aaa group server ldap LDAPServer1
switch(config-ldap)# server 10.10.2.2
switch(config-ldap)# enable user-server-group
switch(config-ldap)

Related Commands

Enables LDAP users to login only if the user profile lists the subject-DN of the user certificate as authorized for login.

Users can login through public-key authentication only if the username is listed as a member of this configured group in the LDAP server. To use this command, you must configure the LDAP server group name in the LDAP server.

no enable user-server-group

Syntax Description

To disable group validation, use the no form of this command.

To enable group validation for an LDAP server group, use the enable user-server-group command.

This example shows how to enable a secret password for a specific privilege level:

switch# configure terminal
switch(config)# feature privilege
switch(config)# enable secret 5 def456 priv-lvl 15
switch(config)# username user2 priv-lvl 15
switch(config)#

Related Commands

Enables the user to move to a higher privilege level after being prompted for a secret password.

Global configuration

Command History

The range is from 1 to 15.

Adds or removes all privilege level secrets.

(Optional) Specifies the privilege level to which the secret belongs.

It contains up to 64 alphanumeric, case-sensitive characters.

(Optional) Specifies that the password is in encrypted format.

(Optional) Specifies that the password is in clear text.

no enable secret password

Syntax Description

To disable the password, use the no form of this command.

enable secret password

To enable a secret password for a specific privilege level, use the enable secret command.
This example shows how to enable the user to move to a higher privilege level after being prompted for a secret password:

switch# enable 15

Related Commands

Enables a secret password for a specific privilege level.

Enables the cumulative privilege of roles for command authorization on TACACS+ servers.

Displays the current privilege level, username, and status of cumulative privilege support.

Enables a user to use privilege levels for authorization.

To use this command, you must enable the cumulative privilege of roles for command authorization on TACACS+ servers using the feature privilege command.

The only available level is 15.

EXEC configuration

Command History

Privilege level to which the user must log in.

To enable a user to move to a higher privilege level after being prompted for a secret password, use the enable command.

This example shows how to enable LDAP users to login only if the user profile lists the subject-DN of the user certificate as authorized for login:

switch# configure terminal
switch(config)# aaa group server ldap LDAPServer1
switch(config-ldap)# server 10.10.2.2
switch(config-ldap)# enable Cert-DN-match
switch(config-ldap)

Related Commands

Creates an LDAP server group and enters the LDAP server group configuration mode for that group.

Enables group validation for an LDAP server group.

Configures the LDAP server as a member of the LDAP server group.

Displays the LDAP server group configuration.

LDAP server group configuration

Command History

This command has no arguments or keywords.

no enable Cert-DN-match

Syntax Description

To disable this configuration, use the no form of this command.

To enable LDAP users to login only if the user profile lists the subject-DN of the user certificate as authorized for login, use the enable Cert-DN-match command.

This chapter describes the Cisco NX-OS Security commands that begin with E.